8 Mar 2006

1. To check if a cookie exists, see if Request.Cookies[CookieName] is null. DON'T CHECK Response.Cookies in this way just to see if a cookie exists! Doing this, if the cookie does not exist

An empty "browser-session" cookie with name of CookieName is created in the Response.Cookies collection.

The cookie created above is copied to the Request.Cookies collection! This is clearly bonkers.

2. To send a new cookie to the user's browser, use Response.Cookies.Add().

If you want a "permanent" cookie, set Expires to DateTime.Now.AddYears(30)

If you want a "browser-session" cookie, set Expires to DateTime.MinValue

3. To change aspects of an existing cookie received from the user's browser, copy it from Request.Cookies to Response.Cookies and make your amendments. YOU HAVE TO RESET THE Expires PROPERTY as it will have arrived set to DateTime.MinValue in the Request.Cookies collection, regardless of its actual expiry date on the user's browser.

4. To remove an existing cookie from the user's browser, there is ONLY ONE RELIABLE WAY TO DO IT. Copy it from Request.Cookies to Response.Cookies and set the Expires property to DateTime.Now.AddYears(-30)